ext/psk_ke_modes: corrected data access

author Nikos Mavrogiannopoulos <nmav@gnutls.org>

Sat, 7 Apr 2018 19:27:27 +0000 (21:27 +0200)

committer Nikos Mavrogiannopoulos <nmav@gnutls.org>

Sat, 7 Apr 2018 19:29:11 +0000 (21:29 +0200)
author Nikos Mavrogiannopoulos <nmav@gnutls.org>
Sat, 7 Apr 2018 19:27:27 +0000 (21:27 +0200)
committer Nikos Mavrogiannopoulos <nmav@gnutls.org>
Sat, 7 Apr 2018 19:29:11 +0000 (21:29 +0200)
diff --git a/fuzz/gnutls_psk_server_fuzzer.repro/d757b818210bcaec5e297cdb5e30cee9059f9bc3 b/fuzz/gnutls_psk_server_fuzzer.repro/d757b818210bcaec5e297cdb5e30cee9059f9bc3

new file mode 100644 (file)

index 0000000..8cc62c1

Binary files /dev/null and b/fuzz/gnutls_psk_server_fuzzer.repro/d757b818210bcaec5e297cdb5e30cee9059f9bc3 differ
diff --git a/lib/ext/psk_ke_modes.c b/lib/ext/psk_ke_modes.c

index c6aef3bda8f4669561a441f6f01f9fc14fa2ff28..afcbcb8ce1b78d132fae4e319dc0ebc65daa6173 100644 (file)
--- a/lib/ext/psk_ke_modes.c
+++ b/lib/ext/psk_ke_modes.c
@@ -139,9 +139,10 @@ psk_ke_modes_recv_params(gnutls_session_t session,
                 return gnutls_assert_val(0);
  
         for (i=0;i<ke_modes_len;i++) {
+               DECR_LEN(len, 1);
                 if (data[i] == PSK_DHE_KE)
                         cli_dhpsk_pos = i;
-               if (data[i] == PSK_KE)
+               else if (data[i] == PSK_KE)
                         cli_psk_pos = i;
  
                 if (cli_psk_pos != MAX_POS && cli_dhpsk_pos != MAX_POS)
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>
	Sat, 7 Apr 2018 19:27:27 +0000 (21:27 +0200)
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>
	Sat, 7 Apr 2018 19:29:11 +0000 (21:29 +0200)
fuzz/gnutls_psk_server_fuzzer.repro/d757b818210bcaec5e297cdb5e30cee9059f9bc3	[new file with mode: 0644]	patch \| blob
lib/ext/psk_ke_modes.c		patch \| blob \| blame \| history